What about BREACH (CVE-2013-3587)?

Frank Liu gfrankliu at gmail.com
Tue Feb 4 22:44:20 UTC 2020


This is documented. Quote from
http://nginx.org/en/docs/http/ngx_http_gzip_module.html

*When using the SSL/TLS protocol, compressed responses may be subject to
BREACH <https://en.wikipedia.org/wiki/BREACH> attacks. *

On Tue, Feb 4, 2020 at 1:35 PM Rainer Duffner <rainer at ultra-secure.de>
wrote:

>
>
> Am 04.02.2020 um 21:38 schrieb J.R. <themadbeaker at gmail.com>:
>
> I think you are confusing TLS compression with HTTP compression...
>
>
>
>
> Probably.
> I read that later somewhere else.
>
> I just wonder why it’s lumped-in in testssl.sh.
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200204/ddab023e/attachment.htm>


More information about the nginx mailing list